Qualys SCAP Auditor 1.2 Certification Completed

The U.S. National Institute of Standards and Technology (NIST) has today certified Qualys SCAP Auditor 1.2 for use by federal agencies as an SCAP tool. Federal agencies are required to use the Security Content Automation Protocol (SCAP) to automate the vulnerability management and policy compliance processes they use to demonstrate compliance with FISMA and USGCB mandates.

With the growing adoption of SCAP, Qualys SCAP Auditor 1.2 is committed to continuing support for the United States Government Configuration Baseline (USGCB). Government agencies and associated industries should use the SCAP-validated Qualys SCAP Auditor service to test and assess compliance with FDCC and USGCB standards.

USGCB

What is the United States Government Configuration Baseline? How does it differ from FDCC?

In May 2010, the Architecture and Infrastructure Committee of the CIO Council announced the United States Government Configuration Baseline (USGCB) settings for Windows 7 and Internet Explorer 8. The USGCB is a further clarification of the Federal Desktop Core Configuration (FDCC); specifically, the USGCB initiative falls within FDCC and comprises the configuration settings component of FDCC. To assist in implementation, NIST will release the supporting Security Content Automation Protocol (SCAP) content for all USGCB settings.